Email address obfuscation in effect -- please
click here to turn it off.
[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
- To: MLUG Off-Topic Discussion <EMAIL:PROTECTED>
- Subject: [MLUG] Re: [MLUG - DISCUSSION] Need help understanding the ~
- From: EMAIL:PROTECTED
- Date: Thu, 20 Mar 2008 17:26:46 +0000 (GMT)
- Cc: MLUG Members <EMAIL:PROTECTED>
- Delivery-date: Thu, 20 Mar 2008 12:31:30 -0500
- Envelope-to: EMAIL:PROTECTED
- In-reply-to: <EMAIL:PROTECTED>
- Reply-to: MLUG Members <EMAIL:PROTECTED>
- Sender: EMAIL:PROTECTED
Christian wrote:
> Can someone with concrete knowledge explain to me the danger of
> URLs containing tildes?
The tilde is used when accessing an apache server that has mod_userdir enabled.
Normally this you would enable this and set UserDir to a folder name like public_html
After doing that, you also need to enable access to those directories so httpd.conf would contain something like this:
<IfModule mod_userdir.c>
UserDir public_html
UserDir disabled root
<Directory /home/*/public_html>
AllowOverride FileInfo AuthConfig Limit
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
</Directory>
</IfModule>
So from a security standpoint, you are granting access only to files inside the public_html folder in each user's home folder, not the home folder itself.
I'm not really sure what you're trying to achieve in the second part of your email.
I've copied this over to the members list, as it probably belongs there.
Russell
_______________________________________________
members mailing list
EMAIL:PROTECTED
http://mlug.missouri.edu/mailman/listinfo/members
Home | FAQ | Server | Presentations | Mailing Lists/Archives | Member Tools | Links | Sponsors | Contact